按关键词阅读: 战略 2020 设计 试验报告 安全策略 控制 访问 基于 ACL 管理
R2 。
14、#c onftEn terc on figuratio ncomma nds, on eperl in e.E ndwithCNTL/Z.R2(co nfig)#access-list1de ny10.20.170.00.0.0.255R2(c on fig)#access-list1permita nyR2(co nfig)#i nts0/0/1R2(c on fig-if)#ipaccess-group1i nR2(co nfig-if)#exitR2(co nfig)#l in evtyO4R2(co nfig-lin e)#password501R2(co nfig-li ne)#lo 。
15、ginR2(c on fig-l in e)#access-class2 inR2(co nfig-li ne)#e ndR2#%SYS-5-CONFIG:Co nfiguredfromco nsolebyco nsoleR2#copyr un startDesti natio nfile namestartup-c on fig?Buildi ngcon figurati on. , 应该配ACL之后 , stude nt 去pin gR2 的三个接口的ip地址 , 也能够 pi ng 服务器10.20.168.7 pi ng 不通 。
PCpi ng10.20.168.7Pin gi ng10.20.16 。
16、8.7with32bytesofdata:Requesttimedout.Requesttimedout.Requesttimedout.Requesttimedout.Pin gstatisticsfor10.20.168.7:Packets:Se nt=4,Received=0,Lost=4(100%loss),OKPin gi ng192.168.12.2with32bytesofdata:Requesttimedout.Requesttimedout.Requesttimedout.Requesttimedout.Pin gstatisticsfor192.168.12.2:Packe 。
17、ts:Se nt=4,Received=0,Lost=4(100%loss),配ACL之后 , teacher机能够telnetR2 , 效果如下 。
PCtel net192.168.23.1Tryi ng192.168.23.1.Ope nUserAccessVerificatio nPassword:501R2e n%Nopasswordset.R2但只允许teacher机telnetR2 , 在R3上telnetR2 不成功 。
R3#tel net192.168.23.1Tryi ng192.168.23.1.%Connection refusedbyremotehostR3#tel net192.16 。
18、8.12.2Tryi ng192.168.12.2.%Connection refusedbyremotehostR3#tel net10.20.168.1Tryi ng10.20.168.1%Connection refusedbyremotehost 在student 机上telnetR2 不成功 。
PCtel net192.168.12.2Tryi ng192.168.12.2.%Connection timedout;
remotehost no tresp ondingPCtel net192.168.23.1Tryi ng192.168.23.1.%Connection timedou 。
19、t;
remotehost no tresp ondingPCtel net10.20.168.1Tryi ng10.20.168.1.%Connection timedout;
remotehost no tresp onding 在R1上telnetR2 不成功 。
R1#tel net192.168.12.2Tryi ng192.168.12.2.%Connection refusedbyremotehostR1#tel net192.168.23.1Tryi ng192.168.23.1.%Connection refusedbyremotehostR1#tel net10.20.168.1T 。
20、ryi ng10.20.168.1.%Connection refusedbyremotehostTeacher 机:PCtel net192.168.12.1Tryi ng192.168.12.1.Ope nCo nn ectio nto192.168.12.1closedbyforeig nhostPCtel net10.20.170.1Tryi ng10.20.170.1.%Connection timedout;
remotehost no tresp ondingPCtel net10.20.170.10Tryin g10.20.170.10.%Connection timedout;
。
21、remotehost no tresp ondingR1#te In et10.20.66.1Tryi ng10.20.66.1.0pe nCo nn ectio nto10.20.66.1closedbyforeig nhostR1#tel net192.168.23.2Tryi ng192.168.23.2.Ope nCo nn ecti on to192.168.23.2closedbyforeig nhostR3enR3#tel net192.168.12.1Tryi ng192.168.12.1.Ope nCo nn ectio nto192.168.12.1closedbyfore 。
22、ig nhostR3#tel net10.20.170.1Tryi ng10.20.170.1%Connection timedout;
remotehost no tresp ondingSERVERtel net192.168.12.2Tryi ng192.168.12.2.%Connection refusedbyremotehostSERVERtel net192.168.23.1Tryi ng192.168.23.1.%Connection refusedbyremotehostSERVERte In et10.20.168.1Tryi ng10.20.168.1.%Connectio 。
23、n refusedbyremotehostSERVERtel net192.168.12.1Tryi ng192.168.12.1.Ope nCo nn ectio nto192.168.12.1closedbyforeig nhostSERVERte In et10.20.170.1Tryi ng10.20.170.1.%Connection timedout;
remotehost no tresp ondingSERVERtel net192.168.23.2Tryi ng192.168.23.2.Ope nCo nn ecti on to192.168.23.2closedbyforei 。
24、g nhostSERVERtel net10.20.66.1Tryi ng10.20.66.1.0pe nCo nn ectio nto10.20.66.1closedbyforeig nhostSERVERtel net10.20.66.10Tryi ng10.20.66.10.%Connection refusedbyremotehostSERVER教师不受限制 。
2扩展ACL实验:实验目标:学生不能访问 ftp,但能访问www 实验拓补图如下: 实验配置如下:R2#shaccess-listsSta ndardlPaccesslistlden y10.20.170.00.0.0.255pe 。
25、rmita ny (11match(es)Stan dardIPaccesslist2permithost10.20.66.10R2#shru nin terfaceSerialO/O/1ipaddress192.168.12.2255.255.255.0ipaccess-groupli n!lin evty04access-class2 inpassword501logi n!删除ACL :R2#c onftEn terc on figurati on comma nds, on eperli ne.E ndwithCNTL/Z.R2(co nfig)#i ntsO/O/1R2(c on f 。
26、ig-if)# noipaccess-group1i nR2(co nfig-if)#exitR2(c on fig)# no access-list1R2(co nfig)#l in evty04R2(c on fig-l in e)# no access-class2 inR2(c on fig-li ne)# no passwordR2(co nfig-if)#exitR2(c on fig)# no access-list2能够用 shaccess-lists 禾口 shrun 查见 。
R2#shaccess-listsR2#shru nR2#copyr un startDesti na 。
27、tio nfile namestartup-c on fig?Buildi ngcon figurati on.OK配ACL之前测试:student的pc机测试结果如下:PCpi ng10.20.168.7Pin gi ng10.20.168.7with32bytesofdata:Replyfrom10.20.168.7:bytes=32time=203msTTL=126Replyfrom10.20.168.7:bytes=32time=141msTTL=126Replyfrom10.20.168.7:bytes=32time=157msTTL=126Replyfrom10.20.168.7: 。
28、bytes=32time=143msTTL=126Pin gstatisticsfor10.20.168.7:Packets:Se nt=4,Received=4,Lost=0(0%loss),Approximatero un dtriptimesi nmilli-sec on ds:Minimu m=141ms,Maximum=203ms,Average=161msstude nt 机上测试:PCftp10.20.168.7Tryi ngtoco nn ect.10.20.168.7Conn ectedto10.20.168.7220-WelcometoPTFtpserverUsern am 。
稿源:(未知)
【傻大方】网址:/a/2021/0820/0023836618.html
标题:2020|2020年战略管理基于ACL的访问控制及安全策略的设计试验报告( 二 )